Earlier this week, I started a blog series about the 5 parts of an enterprise-grade mobile environment. In the first post of the series I described the first piece of the puzzle, mobile apps. In case you missed the first two posts, you can read both by clicking on these links: 5 Parts of an Enterprise-Grade Mobile Infrastructure Blog Series – Part 1, and 5 Parts of an Enterprise-Grade Mobile Infrastructure Blog Series – Part 2.
As a reminder, there are 5 pieces that make up an enterprise-grade mobile environment, and I explain each one in this 5-part blog series. Today I will focus on the third piece of the enterprise-grade mobile infrastructure puzzle: end-to-end security.
Security is a vital part of any IT infrastructure and is not to be taken lightly. As we change the ways in which we use and share corporate data, including access and activities conducted on mobile devices, new threats are placed upon the user and the IT team that supports them. Jorge García from Technology Evaluation Centers created an executive brief titled ‘Mobility, Security Concerns, and Avoidance’. He outlines threats that include, but are not limited to, the following:
- “malware and spyware—while in the past, malicious software predominantly affected personal computers, in recent years the mobile industry has seen an increase in the number of malware and spyware programs used to cause harm or to steal confidential information from users and companies;
- hacking—by exploiting a system’s/network’s weaknesses, hackers can gain access to sensitive data in order to exploit, disclose, or harm information residing within the mobile infrastructure;
- data loss—an increasing number of mobile users and organizations store sensitive information within their mobile devices—information that can potentially be stolen or lost with the device; and
- jailbreaking (iOS)/rooting (Android)—many mobile users choose to modify the original operating system to expand the capabilities of iOS and Android devices. However, such modifications make devices more vulnerable to external attacks and may expose information and passwords stored on these devices to hackers.”
Beyond securing the device is the need to protect corporate data. García notes that ‘data is one of an organization’s most important assets’, and my experience working with our mobile customers confirms this. We need to consider security at the source, during transmission and at target. In the paper, García provides a helpful summary of these three areas:
“At the source: “Source” encompasses all components residing within the corporate firewall. Everything within the corporate network must be protected, which means implementing policies and strategies to grant, limit, or prohibit access to the corporate network. This includes the use of specific mobile virtual private network (VPN) tunnels or a secure mobile network operation center (NOC).
During transmission: I.e., the transmission of information over a wireless network. Three elements are important at this stage: sending, reception, and transit through the wireless network. Securing transmission includes verification/authentication of the sender as well as the use of additional processes such as data encryption.
At target (internal devices): The vast number and variety of devices, as well as new corporate patterns of adoption, make it essential for organizations to anticipate new risks, from exposure of sensitive data through theft or loss, to the potential threat of malware and spyware programs. Measures such as restricting access to the mobile device, or establishing policies to block or erase sensitive data need to be taken to ensure information security is improved.”
I highly recommend that you read this piece as you begin to evaluate mobile end-to-end security in your organization. Plus, there is a great tool in this paper that you can use to assess your level of corporate mobile security.
Mobile security is a large piece of the enterprise-grade mobile infrastructure, and many companies have already found solutions that protect their most valuable asset: the data that makes their business unique. A good example of a unique brand that has implemented a mobile security solution is Tommy Hilfiger. This leading consumer packaged goods company is keeping its sensitive data theft-proof and enabling remote wiping of a stolen device in seconds with mobile device management and security software.
Tommy Hilfiger uses a mobile device management and mobile application management solution. These are two types of solution (that can also be rolled into one) that are constantly used to address mobile security issues. Analyst group IDC released a market analysis titled ‘Worldwide Mobile Enterprise Management Software, 2012–2016 Forecast and Analysis and 2011 Vendor Shares’. I think you should read this report to educate yourself about these types of solutions and how they address mobile security.
This concludes part 3 of the 5 pieces that make up the enterprise-grade mobile infrastructure. Watch out for more next week.